IAS

A

AJD

I'm thinking of implementing a W2K RADIUS server for our
VPN users. I understand that the VPN server can then
authenticate against this RADIUS server. I'd like to
have it authenticate against active directory; however,
some of my VPN users won't necessarily be network users.
Therefore, yes I want to create VPN logins in AD, but I
don't want them to have access to other network
resources. Is there a way to create users in AD that
can't login to the domain, but I can still authenticate
using RADIUS?

any input would be appreciated.
 
S

Stefan Buchman

You should be able to create these logins in AD and then lock them
down through Group Policy denying them the 'Log in Interactively'
right. This will allow RADIUS to verify the credentials but the users
will be unable to login to a workstation that is a member of the
domain.

- Stefan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

VPN and RADIUS question 1
RADIUS SERVER SUGGESTIONS?? 3
Question concerning Remote Access Authentication with IAS 1
Routing and remote access - allow rdp only 4
VPN / RADIUS question 1
Creating user objects in different OU 7
Stand-alone Server to AD 2
Windows 2003 AD Native and VPN 2

Top